We are open & providing remote audit and compliance services during this national emergency.
Learn more about our Virtual Auditing Services during Covid 19

New White Paper: “The Complete Guide to Enterprise Risk Management” DOWNLOAD NOW
Author Picture

Updated on March 12, 2018 byDavid Dunkelberger

Share this article!share this article
Listen to: "Simple Ways to Determine When to Include Processing Integrity into Your SOC 2 Audit"

Processing Integrity Is One Of The Five Trust Service Principles to Help Determine the Scope of Your SOC 2 Audit

Each time you need to schedule a Service Organization Control 2 (SOC 2) audit for one of your service organizations, it is important that you decide which of the five Trust Service Principles you want and/or need to include in the resulting report from your SOC 2 audit.

As a quick refresher, the Trust Service Principles (TSP) are:

  1. Security
  2. Availability
  3. Processing Integrity
  4. Confidentiality
  5. Privacy

The only TSP that is required in any SOC 2 audit is security. The rest of the TSPs—including processing integrity—are optional for inclusion, according to your general focus or specific concerns.

What Is Processing Integrity?

As defined above, processing integrity provides assurance that everything in the audited system is complete, valid, accurate, timely and authorized to fully satisfy the entity’s objectives.

The processing integrity criteria tests associated with the SOC 2 audit set out to reveal that there are no errors in processing. If there are any errors, processing integrity also assures timely correction.

Processing integrity criteria also focuses on inputs and outputs to the system, ensuring they are accurate throughout the processing of any actions within the system.

Finally, the criteria involved with processing integrity spotlight the data itself, as far as how it is stored and maintained while under the service organization’s care and responsibility.

Why Is Processing Integrity Important for A SOC 2 Audit?

Any time that a user entity enlists the outside sourcing of a service organization, it is important to know the key points of the service organization’s operations.

It is particularly important to determine that the system itself has the appropriate levels of integrity to protect the user entity’s information, along with knowing that the system—including hardware, software and cloud applications—is completely accurate, valid, timely and properly authorized.

Processing integrity is a vital part of a SOC 2 audit for the sake of ensuring the service organization is abiding by its agreement that mandates operational and technical parameters within which the service organization must comply.

You will know that your service organization is operating with processing integrity exists if the system performs all of its intended functions in an unimpaired manner, with no unauthorized or inadvertent manipulation.

Why You May Choose to Include Processing Integrity with a SOC 2 Audit

There are a few reasons that a user entity may decide to include processing integrity in an SOC 2 audit, including:

  • If transactions do not fulfill the level of completeness necessary, according to the agreement.
  • It there is duplication in processing, or there is a disconnect between the standard business values and expectations of the user entity, the validity of the service organization’s processing integrity comes into question.
  • If the user entity suspects or has detected errors that may have been introduced into its information and control procedures via outside sources. If this user entity engages several service organizations, an audit can help pinpoint the issue at its source.
  • If key information associated with submitted transactions is inaccurate, user entities may require a SOC 2 report on processing integrity to get to the core of the issue with a specific service organization.
  • If there are frequent delays in the provision of services or the delivery of goods—especially on an ongoing basis—a closer look at the service organization’s processing integrity may help both parties resolve the issue, quickly and fully.
  • If the user entity has reason to believe that processing related to their system is being performed by users without required approvals and privileges at the service organization, they may request a processing integrity review to ensure that only those with proper authorization work with their transactions.

    • Generally, when things are running smoothly and according to a detailed agreement, user entities have little reason to request this particular TSP. However, it is a highly useful tool to sort out smaller issues before they can grow and become bigger problems, or even catastrophic messes.

    Do You Need to Perform A SOC 2 Audit with A Focus on Processing Integrity?

    Are you worried about issues related to processing integrity at one of your service organizations? If so, our team at I.S. Partners, LLC. can help you sort things out.

    We can sit down with you to look at the issues that have caught your attention to determine whether a processing integrity focus will uncover the underlying problem. If you decide to go forward with a SOC 2 audit and processing integrity review, we can help you get to the bottom of it all, so you can maintain a healthy professional partnership with your service organization.

    Call us at 215-675-1400 or request a SOC Audit quote!

    Author Picture

    About David Dunkelberger

    During his 25-year career, David has successfully delivered assurance, business advisory and investigative services to the financial institutions industry, primarily commercial banks and insurance companies. Additionally, he possesses solid competencies in risk-based auditing and internal control evaluation, and has generated significant cost savings for clients engaged in Sarbanes-Oxley compliance. He has held senior positions in both public accounting and private industry.Prior to joining IS Partners, LLC, David managed forensic investigations at a nationally-recognized accounting firm and provided fraud detection, forensic investigation and litigation support services for the FDIC.David graduated from Temple University in Philadelphia, PA. Read other articles written by David Dunkelberger

    Related Articles

    Work from Home SOC 2: Overcoming Cyberattack Challenges Work from Home SOC 2: Overcoming Cyberattack Challenges
    Work from Home SOC 2: Overcoming Cyberattack Challenges
    Are Pen Tests & Vulnerability Scans Needed for SOC 2 Report Compliance? Are Pen Tests & Vulnerability Scans Needed for SOC 2 Report Compliance?
    Are Pen Tests & Vulnerability Scans Needed for SOC 2 Report Compliance?
    Building a Strong SOC 2 Team Building a Strong SOC 2 Team
    Building a Strong SOC 2 Team
    Our Guideline of a SOC 2 Timeline: Know What to Expect Our Guideline of a SOC 2 Timeline: Know What to Expect
    Our Guideline of a SOC 2 Timeline: Know What to Expect
    Untitled-1

    Get Hassle-free Pricing in 3 Easy Steps

    1
    Request a quote using the form below
    2
    Allow us to create a customized plan
    3
    We'll get you an accurate, no-obligation quote
    Untitled-1 Asset 1 Request a Quote Background

    Request a Quote

    Please fill out the fields below and one of our compliance specialists will contact you shortly. Want to speak to us now? Call us at (866) 642-2230

    Request a Quote (Keep)

    I.S. Partners is serious about privacy. We will never share your information with third parties. Please read our Privacy Policy for more information.

    Sending

    Great companies think alike!

    Join hundreds of other companies that trust I.S Partners for their compliance, attestation and security needs.

    Teladoc VeriClaim DentaQuest VisioNet Verifacts Sterling AV Med DOE Legal
    Privacy | Terms | Sitemap | Seals

    © 2020 I.S. Partners